Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Take me to HPE.com

HTTP: PHP With GIF Header Evasion Command Execution

This signature detects PHP files with GIF image headers. WordPress blogs which use the "TimThumb" graphics manipulation library are vulnerable to PHP command execution when such files are passed to them for processing. This vulnerability is being actively exploited by BotNets as of June 2012.

References

URL: http://www.emergingthreatspro.com/bot-of-the-day/under-my-timthumbs-thumb/ http://code.google.com/p/timthumb/ http://wordpress.org/ http://blog.sucuri.net/2012/05/list-of-domains-hosting-webshells-for-timthumb-attacks.html

Short Name

HTTP:PHP:GIF-HEADER-EVASION

Severity

Major

Recommended

False

Recommended Action

Drop

Category

HTTP

Keywords

Command Evasion Execution GIF Header PHP With

Release Date

06/05/2012

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3324

False Positive

Unknown